GO-2023-1925: Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller

tf-controller

module

v0.13.0-rc.9 Latest Latest Go to latest Published: Oct 16, 2022 License: MPL-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/weaveworks/tf-controller

README ¶

Weave GitOps Terraform Controller

Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in the GitOps way. With the power of Flux together with Terraform, TF-controller allows you to GitOps-ify infrastructure, and application resources, in the Kubernetes and Terraform universe, at your own pace.

"At your own pace" means you don't need to GitOps-ify everything at once.

TF-controller offers many GitOps models:

GitOps Automation Model: GitOps your Terraform resources from the provision steps to the enforcement steps, like a whole EKS cluster.
Hybrid GitOps Automation Model: GitOps parts of your existing infrastructure resources. For example, you have an existing EKS cluster. You can choose to GitOps only its nodegroup, or its security group.
State Enforcement Model: You have a TFSTATE file, and you'd like to use GitOps enforce it, without changing anything else.
Drift Detection Model: You have a TFSTATE file, and you'd like to use GitOps just for drift detection, so you can decide to do things later when a drift occurs.

Quickstart and documentation

To get started check out this guide on how to GitOps your Terraform resources with TF-controller and Flux.

Check out the documentation for a list of features and use cases.

Roadmap

Q3 2022

Performance
Scalability
Interop with Notification controller's Events and Alert
Validation webhooks for the planning stage

Q4 2022

~~CRD wrappers~~ A new component model for Terraform modules
Dependency management for TF-controller objects
AWS package for TF-controller (e.g. EKS, RDS, etc.)
CLI for Weave GitOps Enterprise

Q1 2023

Observability - logging from the different stages of the runner
CLI to GitOpsify existing Terraform workflows
Selectable Terraform versions
Cloud cost estimation
Write back and show plan in PRs (Atlantis-like experience)

Q2 2023

Enhanced security (the lockdown mode)
External drift detector
Type safety for custom backends
v1alpha2 API

Q3 2023

Azure package for TF-controller (e.g. AKS, CosmosDB, etc.)
GCP package for TF-controller (e.g. GKE, CloudSQL, etc.)
ARM64 & Gravitron support
Containerd compatibility

Q4 2023

v1beta1 API (stabilization)

Directories ¶

Path	Synopsis
api module
cmd
manager
runner
tfctl
controllers
mtls
runner
tfctl
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL